On Tue, 20 Feb 2007 12:38:24 CST, Brian Allen said:
> You might want to contact REN-ISAC because they notify universities all
> the time when they have infected machines. They could get this info out
> in a hurry to all the correct people.
Quite likely they can get it out to *some* of the correct people. The
problem is that the sort of network that goes to the trouble of getting
somebody REN-ISAN membership is probably the sort of network that doesn't
usually make it onto J. Oquendo's radar.
(Yes - it's possible to find screaming SSH scanners on the nets of REN-ISAC
members. I'm sure we have the occasional one ourselves. But if dropping
a note to security at vt.edu doesn't make something happen, it means that
we screwed up...)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20070220/ed179577/attachment-0001.bin